Thursday, June 27, 2013

Windows eventlogs filtering

Using eventlog forwarding (subscriptions) to pass events to a central monitoring server,
which is then indexed by Splunk.
(This saves having to put out universal forwarders or other things on our Domain Controllers.)

AD tracks directory changes with event ID 5136.
It also logs changes like dnsNode updates etc.,
but we only want the user object changes (at the moment)
and want to exclude certain event data.

Using a custom view to pull the 5136 events from the remote domain controllers:

 <QueryList>
   <Query Id="0" Path="Security">
     <Select Path="Security">
       *[System[(EventID=5136)]] and *[EventData[Data[@Name='ObjectClass']='user']]
     </Select>
     <Suppress Path="Security">
       *[EventData[Data[@Name='AttributeLDAPDisplayName']='userCertificate']]
     </Suppress>
   </Query>
 </QueryList>
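
An added example (not from the original post): the select/suppress decision of the custom view above, evaluated per named field in PowerShell over three constructed, cut-down 5136 records, so the filter logic can be checked before it goes into a subscription. The helper names, sample DNs and attribute values are assumptions.

```powershell
# Added example: offline check of the select/suppress logic on constructed events.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'

function New-SampleEvent5136 {   # hypothetical helper: builds a cut-down 5136 record
    param([string]$ObjectClass, [string]$Attribute, [string]$ObjectDN)
    @"
<Event xmlns="$ns"><System><EventID>5136</EventID></System><EventData>
  <Data Name="ObjectDN">$ObjectDN</Data>
  <Data Name="ObjectClass">$ObjectClass</Data>
  <Data Name="AttributeLDAPDisplayName">$Attribute</Data>
</EventData></Event>
"@
}

function ConvertFrom-EventXml {  # flattens EventID and the named Data fields
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $fields = [ordered]@{
        EventID = [int]$doc.SelectSingleNode("//*[local-name()='EventID']").InnerText
    }
    foreach ($d in $doc.SelectNodes("//*[local-name()='Data']")) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]$fields
}

function Test-UserObjectChange {  # true when the record should reach the indexer
    param([Parameter(Mandatory)]$Record)
    # -ceq keeps the comparison case-sensitive, like the XPath string test
    $selected   = $Record.EventID -eq 5136 -and $Record.ObjectClass -ceq 'user'
    $suppressed = $Record.AttributeLDAPDisplayName -ceq 'userCertificate'
    $selected -and -not $suppressed
}

# Constructed samples: a wanted user change, a suppressed one, and a dnsNode update
$samples = @(
    New-SampleEvent5136 'user'    'telephoneNumber' 'CN=Test User,OU=Staff,DC=example,DC=com'
    New-SampleEvent5136 'user'    'userCertificate' 'CN=Test User,OU=Staff,DC=example,DC=com'
    New-SampleEvent5136 'dnsNode' 'dnsRecord'       'DC=host1,DC=example.com,CN=MicrosoftDNS,DC=example,DC=com'
)
foreach ($xml in $samples) {
    $r = ConvertFrom-EventXml $xml
    [pscustomobject]@{
        ObjectClass = $r.ObjectClass
        Attribute   = $r.AttributeLDAPDisplayName
        Forwarded   = Test-UserObjectChange $r
    }
}
```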

Was getting locale errors with eventlogs, so had to set system language to English (United States).


good link for info about Auditing AD:
http://blogs.technet.com/b/askpfeplat/archive/2012/04/22/who-moved-the-ad-cheese.aspx

Monday, June 17, 2013

Added prettify to my blog


Using the code from here https://code.google.com/p/google-code-prettify/
Followed the guide http://www.simplebloggertutorials.com/2013/03/add-syntax-highlighter-blogger.html

:)

Add\Import multiple CSVs to Excel




# Now get a list of all csv files in current directory :)
$targetcsv = Get-ChildItem *.csv

# Create a new Excel object and add a new workbook.
$Excel = New-Object -ComObject Excel.Application
$Excel.Visible = $true
$workbooks = $Excel.Workbooks.Add()
$worksheets = $workbooks.Worksheets
# Delete the extra worksheets so only the first one is left
# (the default sheet count differs between Excel versions).
while ($worksheets.Count -gt 1) { $worksheets.Item($worksheets.Count).Delete() }
# Add worksheets based on the count of files
$count = 1

foreach ($CSVFile in $targetcsv) {
        # A new sheet is inserted in front of the active one, so it becomes Item(1)
        if ($count -ne 1) { $worksheets.Add() | Out-Null }
        #Write-Host $CSVFile.BaseName
        # Select worksheet
        $worksheet = $worksheets.Item(1)
        # Give it an updated name
        $worksheet.Name = $CSVFile.BaseName

        # Grab the CSV
        $TxtConnector = ("TEXT;" + $CSVFile.FullName)
        $CellRef = $worksheet.Range("A1")

        # Import the text file (TextFileParseType 1 = delimited)
        $Connector = $worksheet.QueryTables.Add($TxtConnector, $CellRef)
        $worksheet.QueryTables.Item($Connector.Name).TextFileCommaDelimiter = $true
        $worksheet.QueryTables.Item($Connector.Name).TextFileParseType = 1
        $worksheet.QueryTables.Item($Connector.Name).Refresh()
        # Drop the query table; the imported data stays on the sheet
        $worksheet.QueryTables.Item($Connector.Name).Delete()

        # make pretty
        $worksheet.UsedRange.EntireColumn.AutoFit()
        # loop for fun!
        $count = $count + 1
        Write-Host $count
}